1EVP_EncryptInit(3)                  OpenSSL                 EVP_EncryptInit(3)
2
3
4

NAME

6       EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate,
7       EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate,
8       EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate, EVP_CipherFi‐
9       nal_ex, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl,
10       EVP_CIPHER_CTX_cleanup, EVP_EncryptInit, EVP_EncryptFinal, EVP_Decryp‐
11       tInit, EVP_DecryptFinal, EVP_CipherInit, EVP_CipherFinal,
12       EVP_get_cipherbyname, EVP_get_cipherbynid, EVP_get_cipherbyobj,
13       EVP_CIPHER_nid, EVP_CIPHER_block_size, EVP_CIPHER_key_length,
14       EVP_CIPHER_iv_length, EVP_CIPHER_flags, EVP_CIPHER_mode,
15       EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_nid,
16       EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length,
17       EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data,
18       EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags,
19       EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1,
20       EVP_CIPHER_asn1_to_param, EVP_CIPHER_CTX_set_padding - EVP cipher rou‐
21       tines
22

SYNOPSIS

24        #include <openssl/evp.h>
25
26        void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
27
28        int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
29                ENGINE *impl, unsigned char *key, unsigned char *iv);
30        int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
31                int *outl, unsigned char *in, int inl);
32        int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
33                int *outl);
34
35        int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
36                ENGINE *impl, unsigned char *key, unsigned char *iv);
37        int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
38                int *outl, unsigned char *in, int inl);
39        int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
40                int *outl);
41
42        int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
43                ENGINE *impl, unsigned char *key, unsigned char *iv, int enc);
44        int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
45                int *outl, unsigned char *in, int inl);
46        int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
47                int *outl);
48
49        int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
50                unsigned char *key, unsigned char *iv);
51        int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
52                int *outl);
53
54        int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
55                unsigned char *key, unsigned char *iv);
56        int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
57                int *outl);
58
59        int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
60                unsigned char *key, unsigned char *iv, int enc);
61        int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
62                int *outl);
63
64        int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
65        int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
66        int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
67        int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
68
69        const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
70        #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
71        #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
72
73        #define EVP_CIPHER_nid(e)              ((e)->nid)
74        #define EVP_CIPHER_block_size(e)       ((e)->block_size)
75        #define EVP_CIPHER_key_length(e)       ((e)->key_len)
76        #define EVP_CIPHER_iv_length(e)                ((e)->iv_len)
77        #define EVP_CIPHER_flags(e)            ((e)->flags)
78        #define EVP_CIPHER_mode(e)             ((e)->flags) & EVP_CIPH_MODE)
79        int EVP_CIPHER_type(const EVP_CIPHER *ctx);
80
81        #define EVP_CIPHER_CTX_cipher(e)       ((e)->cipher)
82        #define EVP_CIPHER_CTX_nid(e)          ((e)->cipher->nid)
83        #define EVP_CIPHER_CTX_block_size(e)   ((e)->cipher->block_size)
84        #define EVP_CIPHER_CTX_key_length(e)   ((e)->key_len)
85        #define EVP_CIPHER_CTX_iv_length(e)    ((e)->cipher->iv_len)
86        #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
87        #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
88        #define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
89        #define EVP_CIPHER_CTX_flags(e)                ((e)->cipher->flags)
90        #define EVP_CIPHER_CTX_mode(e)         ((e)->cipher->flags & EVP_CIPH_MODE)
91
92        int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
93        int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
94

DESCRIPTION

96       The EVP cipher routines are a high level interface to certain symmetric
97       ciphers.
98
99       EVP_CIPHER_CTX_init() initializes cipher contex ctx.
100
101       EVP_EncryptInit_ex() sets up cipher context ctx for encryption with
102       cipher type from ENGINE impl. ctx must be initialized before calling
103       this function. type is normally supplied by a function such as
104       EVP_des_cbc(). If impl is NULL then the default implementation is used.
105       key is the symmetric key to use and iv is the IV to use (if necessary),
106       the actual number of bytes used for the key and IV depends on the
107       cipher. It is possible to set all parameters to NULL except type in an
108       initial call and supply the remaining parameters in subsequent calls,
109       all of which have type set to NULL. This is done when the default
110       cipher parameters are not appropriate.
111
112       EVP_EncryptUpdate() encrypts inl bytes from the buffer in and writes
113       the encrypted version to out. This function can be called multiple
114       times to encrypt successive blocks of data. The amount of data written
115       depends on the block alignment of the encrypted data: as a result the
116       amount of data written may be anything from zero bytes to (inl +
117       cipher_block_size - 1) so outl should contain sufficient room. The
118       actual number of bytes written is placed in outl.
119
120       If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts
121       the "final" data, that is any data that remains in a partial block.  It
122       uses standard block padding (aka PKCS padding). The encrypted final
123       data is written to out which should have sufficient space for one
124       cipher block. The number of bytes written is placed in outl. After this
125       function is called the encryption operation is finished and no further
126       calls to EVP_EncryptUpdate() should be made.
127
128       If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any
129       more data and it will return an error if any data remains in a partial
130       block: that is if the total data length is not a multiple of the block
131       size.
132
133       EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are
134       the corresponding decryption operations. EVP_DecryptFinal() will return
135       an error code if padding is enabled and the final block is not cor‐
136       rectly formatted. The parameters and restrictions are identical to the
137       encryption operations except that if padding is enabled the decrypted
138       data buffer out passed to EVP_DecryptUpdate() should have sufficient
139       room for (inl + cipher_block_size) bytes unless the cipher block size
140       is 1 in which case inl bytes is sufficient.
141
142       EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() are
143       functions that can be used for decryption or encryption. The operation
144       performed depends on the value of the enc parameter. It should be set
145       to 1 for encryption, 0 for decryption and -1 to leave the value
146       unchanged (the actual value of 'enc' being supplied in a previous
147       call).
148
149       EVP_CIPHER_CTX_cleanup() clears all information from a cipher context
150       and free up any allocated memory associate with it. It should be called
151       after all operations using a cipher are complete so sensitive informa‐
152       tion does not remain in memory.
153
154       EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a
155       similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and
156       EVP_CipherInit_ex() except the ctx paramter does not need to be ini‐
157       tialized and they always use the default cipher implementation.
158
159       EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in
160       a similar way to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and
161       EVP_CipherFinal_ex() except ctx is automatically cleaned up after the
162       call.
163
164       EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
165       return an EVP_CIPHER structure when passed a cipher name, a NID or an
166       ASN1_OBJECT structure.
167
168       EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return the NID of a cipher
169       when passed an EVP_CIPHER or EVP_CIPHER_CTX structure.  The actual NID
170       value is an internal value which may not have a corresponding OBJECT
171       IDENTIFIER.
172
173       EVP_CIPHER_CTX_set_padding() enables or disables padding. By default
174       encryption operations are padded using standard block padding and the
175       padding is checked and removed when decrypting. If the pad parameter is
176       zero then no padding is performed, the total amount of data encrypted
177       or decrypted must then be a multiple of the block size or an error will
178       occur.
179
180       EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
181       length of a cipher when passed an EVP_CIPHER or EVP_CIPHER_CTX struc‐
182       ture. The constant EVP_MAX_KEY_LENGTH is the maximum key length for all
183       ciphers. Note: although EVP_CIPHER_key_length() is fixed for a given
184       cipher, the value of EVP_CIPHER_CTX_key_length() may be different for
185       variable key length ciphers.
186
187       EVP_CIPHER_CTX_set_key_length() sets the key length of the cipher ctx.
188       If the cipher is a fixed length cipher then attempting to set the key
189       length to any value other than the fixed value is an error.
190
191       EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
192       length of a cipher when passed an EVP_CIPHER or EVP_CIPHER_CTX.  It
193       will return zero if the cipher does not use an IV.  The constant
194       EVP_MAX_IV_LENGTH is the maximum IV length for all ciphers.
195
196       EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the
197       block size of a cipher when passed an EVP_CIPHER or EVP_CIPHER_CTX
198       structure. The constant EVP_MAX_IV_LENGTH is also the maximum block
199       length for all ciphers.
200
201       EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the
202       passed cipher or context. This "type" is the actual NID of the cipher
203       OBJECT IDENTIFIER as such it ignores the cipher parameters and 40 bit
204       RC2 and 128 bit RC2 have the same NID. If the cipher does not have an
205       object identifier or does not have ASN1 support this function will
206       return NID_undef.
207
208       EVP_CIPHER_CTX_cipher() returns the EVP_CIPHER structure when passed an
209       EVP_CIPHER_CTX structure.
210
211       EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher
212       mode: EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE or
213       EVP_CIPH_OFB_MODE. If the cipher is a stream cipher then
214       EVP_CIPH_STREAM_CIPHER is returned.
215
216       EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter"
217       based on the passed cipher. This will typically include any parameters
218       and an IV. The cipher IV (if any) must be set when this call is made.
219       This call should be made before the cipher is actually "used" (before
220       any EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). This
221       function may fail if the cipher does not have any ASN1 support.
222
223       EVP_CIPHER_asn1_to_param() sets the cipher parameters based on an ASN1
224       AlgorithmIdentifier "parameter". The precise effect depends on the
225       cipher In the case of RC2, for example, it will set the IV and effec‐
226       tive key length.  This function should be called after the base cipher
227       type is set but before the key is set. For example EVP_CipherInit()
228       will be called with the IV and key set to NULL,
229       EVP_CIPHER_asn1_to_param() will be called and finally EVP_CipherInit()
230       again with all parameters except the key set to NULL. It is possible
231       for this function to fail if the cipher does not have any ASN1 support
232       or the parameters cannot be set (for example the RC2 effective key
233       length is not supported.
234
235       EVP_CIPHER_CTX_ctrl() allows various cipher specific parameters to be
236       determined and set. Currently only the RC2 effective key length and the
237       number of rounds of RC5 can be set.
238

RETURN VALUES

240       EVP_EncryptInit_ex(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex()
241       return 1 for success and 0 for failure.
242
243       EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0
244       for failure.  EVP_DecryptFinal_ex() returns 0 if the decrypt failed or
245       1 for success.
246
247       EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0
248       for failure.  EVP_CipherFinal_ex() returns 0 for a decryption failure
249       or 1 for success.
250
251       EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure.
252
253       EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
254       return an EVP_CIPHER structure or NULL on error.
255
256       EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID.
257
258       EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the
259       block size.
260
261       EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
262       length.
263
264       EVP_CIPHER_CTX_set_padding() always returns 1.
265
266       EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
267       length or zero if the cipher does not use an IV.
268
269       EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the
270       cipher's OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT
271       IDENTIFIER.
272
273       EVP_CIPHER_CTX_cipher() returns an EVP_CIPHER structure.
274
275       EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for
276       success or zero for failure.
277

CIPHER LISTING

279       All algorithms have a fixed key length unless otherwise stated.
280
281       EVP_enc_null()
282           Null cipher: does nothing.
283
284       EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void),
285       EVP_des_ofb(void)
286           DES in CBC, ECB, CFB and OFB modes respectively.
287
288       EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void),
289       EVP_des_ede_cfb(void)
290           Two key triple DES in CBC, ECB, CFB and OFB modes respectively.
291
292       EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void),
293       EVP_des_ede3_cfb(void)
294           Three key triple DES in CBC, ECB, CFB and OFB modes respectively.
295
296       EVP_desx_cbc(void)
297           DESX algorithm in CBC mode.
298
299       EVP_rc4(void)
300           RC4 stream cipher. This is a variable key length cipher with
301           default key length 128 bits.
302
303       EVP_rc4_40(void)
304           RC4 stream cipher with 40 bit key length. This is obsolete and new
305           code should use EVP_rc4() and the EVP_CIPHER_CTX_set_key_length()
306           function.
307
308       EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void),
309       EVP_idea_ofb(void), EVP_idea_cbc(void)
310           IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respec‐
311           tively.
312
313       EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void),
314       EVP_rc2_ofb(void)
315           RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respec‐
316           tively. This is a variable key length cipher with an additional
317           parameter called "effective key bits" or "effective key length".
318           By default both are set to 128 bits.
319
320       EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)
321           RC2 algorithm in CBC mode with a default key length and effective
322           key length of 40 and 64 bits.  These are obsolete and new code
323           should use EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length() and
324           EVP_CIPHER_CTX_ctrl() to set the key length and effective key
325           length.
326
327       EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);
328           Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes
329           respectively. This is a variable key length cipher.
330
331       EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void),
332       EVP_cast5_ofb(void)
333           CAST encryption algorithm in CBC, ECB, CFB and OFB modes respec‐
334           tively. This is a variable key length cipher.
335
336       EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void),
337       EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)
338           RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respec‐
339           tively. This is a variable key length cipher with an additional
340           "number of rounds" parameter. By default the key length is set to
341           128 bits and 12 rounds.
342

NOTES

344       Where possible the EVP interface to symmetric ciphers should be used in
345       preference to the low level interfaces. This is because the code then
346       becomes transparent to the cipher used and much more flexible.
347
348       PKCS padding works by adding n padding bytes of value n to make the
349       total length of the encrypted data a multiple of the block size. Pad‐
350       ding is always added so if the data is already a multiple of the block
351       size n will equal the block size. For example if the block size is 8
352       and 11 bytes are to be encrypted then 5 padding bytes of value 5 will
353       be added.
354
355       When decrypting the final block is checked to see if it has the correct
356       form.
357
358       Although the decryption operation can produce an error if padding is
359       enabled, it is not a strong test that the input data or key is correct.
360       A random block has better than 1 in 256 chance of being of the correct
361       format and problems with the input data earlier on will not produce a
362       final decrypt error.
363
364       If padding is disabled then the decryption operation will always suc‐
365       ceed if the total amount of data decrypted is a multiple of the block
366       size.
367
368       The functions EVP_EncryptInit(), EVP_EncryptFinal(), EVP_DecryptInit(),
369       EVP_CipherInit() and EVP_CipherFinal() are obsolete but are retained
370       for compatibility with existing code. New code should use EVP_Encryp‐
371       tInit_ex(), EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFi‐
372       nal_ex(), EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can
373       reuse an existing context without allocating and freeing it up on each
374       call.
375

BUGS

377       For RC5 the number of rounds can currently only be set to 8, 12 or 16.
378       This is a limitation of the current RC5 code rather than the EVP inter‐
379       face.
380
381       EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal
382       ciphers with default key lengths. If custom ciphers exceed these values
383       the results are unpredictable. This is because it has become standard
384       practice to define a generic key as a fixed unsigned char array con‐
385       taining EVP_MAX_KEY_LENGTH bytes.
386
387       The ASN1 code is incomplete (and sometimes inaccurate) it has only been
388       tested for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC
389       mode.
390

EXAMPLES

392       Get the number of rounds used in RC5:
393
394        int nrounds;
395        EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds);
396
397       Get the RC2 effective key length:
398
399        int key_bits;
400        EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits);
401
402       Set the number of rounds used in RC5:
403
404        int nrounds;
405        EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL);
406
407       Set the effective key length used in RC2:
408
409        int key_bits;
410        EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
411
412       Encrypt a string using blowfish:
413
414        int do_crypt(char *outfile)
415               {
416               unsigned char outbuf[1024];
417               int outlen, tmplen;
418               /* Bogus key and IV: we'd normally set these from
419                * another source.
420                */
421               unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
422               unsigned char iv[] = {1,2,3,4,5,6,7,8};
423               char intext[] = "Some Crypto Text";
424               EVP_CIPHER_CTX ctx;
425               FILE *out;
426               EVP_CIPHER_CTX_init(&ctx);
427               EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv);
428
429               if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext)))
430                       {
431                       /* Error */
432                       return 0;
433                       }
434               /* Buffer passed to EVP_EncryptFinal() must be after data just
435                * encrypted to avoid overwriting it.
436                */
437               if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen))
438                       {
439                       /* Error */
440                       return 0;
441                       }
442               outlen += tmplen;
443               EVP_CIPHER_CTX_cleanup(&ctx);
444               /* Need binary mode for fopen because encrypted data is
445                * binary data. Also cannot use strlen() on it because
446                * it wont be null terminated and may contain embedded
447                * nulls.
448                */
449               out = fopen(outfile, "wb");
450               fwrite(outbuf, 1, outlen, out);
451               fclose(out);
452               return 1;
453               }
454
455       The ciphertext from the above example can be decrypted using the
456       openssl utility with the command line:
457
458        S<openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 -d>
459
460       General encryption, decryption function example using FILE I/O and RC2
461       with an 80 bit key:
462
463        int do_crypt(FILE *in, FILE *out, int do_encrypt)
464               {
465               /* Allow enough space in output buffer for additional block */
466               inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
467               int inlen, outlen;
468               /* Bogus key and IV: we'd normally set these from
469                * another source.
470                */
471               unsigned char key[] = "0123456789";
472               unsigned char iv[] = "12345678";
473               /* Don't set key or IV because we will modify the parameters */
474               EVP_CIPHER_CTX_init(&ctx);
475               EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt);
476               EVP_CIPHER_CTX_set_key_length(&ctx, 10);
477               /* We finished modifying parameters so now we can set key and IV */
478               EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt);
479
480               for(;;)
481                       {
482                       inlen = fread(inbuf, 1, 1024, in);
483                       if(inlen <= 0) break;
484                       if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen))
485                               {
486                               /* Error */
487                               EVP_CIPHER_CTX_cleanup(&ctx);
488                               return 0;
489                               }
490                       fwrite(outbuf, 1, outlen, out);
491                       }
492               if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen))
493                       {
494                       /* Error */
495                       EVP_CIPHER_CTX_cleanup(&ctx);
496                       return 0;
497                       }
498               fwrite(outbuf, 1, outlen, out);
499
500               EVP_CIPHER_CTX_cleanup(&ctx);
501               return 1;
502               }
503

SEE ALSO

505       evp(3)
506

HISTORY

508       EVP_CIPHER_CTX_init(), EVP_EncryptInit_ex(), EVP_EncryptFinal_ex(),
509       EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), EVP_CipherInit_ex(),
510       EVP_CipherFinal_ex() and EVP_CIPHER_CTX_set_padding() appeared in
511       OpenSSL 0.9.7.
512
513
514
5150.9.8b                            2005-04-15                EVP_EncryptInit(3)
Impressum